\begin{abstract}

To construct attacks against software systems, an attacker often has
to rely on knowledge about the data structures defined in the target
program. As a counter-measure, previous research has proposed and
demonstrated the potential of randomizing the layout of a program's
data structures, in order to diversify the executables of a program
hence foiling the attacks based on the layout of data structures
defined in the original source code. Unfortunately, existing data
structure layout randomization techniques require manual designation
of randomize-able data structures without guaranteeing the
correctness of the resultant executables. Furthermore, once an
executable has been generated, the layout of its data structures
will remain unchanged. To advance the state of the art, we in this
paper present an advanced solution that enables automatic generation
of executables with self-randomizing (at runtime) data structure
layout. Our system, called SALADS, does not require any modification
to source code, and from the source code, SALADS automatically
generates executables with randomized data structure layouts. More
importantly, each executable will self-modify the layout of its data
structures at runtime, with each instance of the data structure
independently randomized. We have implemented SALADS based on
\texttt{gcc-4.6.0} and used it to generate executables for
user-level applications, OS kernels, and virtual machine monitors.
Our experiments show that the executables generated by SALADS are
able to defeat a wide range of attacks at user, kernel, and
hypervisor levels (e.g., memory exploits, kernel rootkits, and Blue
Pill attack).

\end{abstract}
